Re: SMTP -> Relay settings question.

From: Ace Fekay [MVP] (PleaseSubstituteMyActualFirstName&LastNameHere_at_hotmail.com)
Date: 06/05/04

• Next message: Ace Fekay [MVP]: "Re: OWA problem when mailbox is on remote Exchange server"
• Previous message: Ace Fekay [MVP]: "Re: inheritable permission into public folders?"
• In reply to: Leif Pedersen [MVP]: "Re: SMTP -> Relay settings question."
• Messages sorted by: [ date ] [ thread ]

---

Date: Fri, 4 Jun 2004 23:38:15 -0400

In news:evZlgQmSEHA.3448@TK2MSFTNGP09.phx.gbl,
Leif Pedersen [MVP] <leif.pedersenNOSPAM@get2net.dk> posted their thoughts,
then I offered mine
> Hi,
>
> Answers inline:
>
> Leif
>
> "Rob" <bzabaga-nospam@generalfiber.com> skrev i en meddelelse
> news:1856601c44a4a$50042220$a101280a@phx.gbl...
>> I want to make sure I understand this correctly - let me
>> know if I am wrong with the below statments:
>>
>> Under the SMTP virtual server properties, Access Control,
>> Authentication button - I should keep "anonymous access"
>> checked because you never know what system is sending you
>> e-mail. So it needs to allow anonymous.
>
> Correct
>>
>> What about the "Relay Restrictions" button? I kept the
>> default Exchange 2000 settings, which is to: "Allow all
>> computers which successfully authenticate to relay,
>> regardless of the list above" - is that a security hole by
>> default?
>>
> If you don't have any POP3 clients you should also remove this check
> as it will allow spammers that can guess a username/password to relay
> - see http://www.vamsoft.com/orf/authattack.asp
>
>> My setup is simple. 1 exchange server with mainly the
>> defaults exchange 2000 comes with. Is there an inherent
>> security leak there, or no?
>
> As long as you keep the server patched with the security hotfixes you
> should be fine
>
>>
>> Ideally, the only people I'd want "relaying" are the ones
>> with a valid account & password. Are these default
>> settings doing that for me?
>
> Your users only relay if they are using POP3 clients
>>
>>
>> -many thanks.
>> rergards,
>> RMZ

Hi Leif,

Just would like to add, just in case the posters' users are using IMAP4,
then they would also need to authenticate to send.

Cheers!

-- 
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. -- 
=================================

---

• Next message: Ace Fekay [MVP]: "Re: OWA problem when mailbox is on remote Exchange server"
• Previous message: Ace Fekay [MVP]: "Re: inheritable permission into public folders?"
• In reply to: Leif Pedersen [MVP]: "Re: SMTP -> Relay settings question."
• Messages sorted by: [ date ] [ thread ]

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)